Account Collector for Authentication Manager is not reading Disabled Accounts correctly in Identity Geovernance and Lifecycle 7.0.0.

3 years ago

Originally Published: 2016-12-16

Article Number

000065805

Applies To

RSA Product Set: Identity Management and Governance
Product Name: Identity Governance and Lifecycle
RSA Version: 7.0.0, 7.0.1
Platform: Any

Issue

We have Authentication Manager directly connecting to Identity Governance and Lifecycle 7.0.0, but it is not reading disabled accounts correctly. There is a field indicating “Is Disabled” for all collected accounts and each has value set to “No” despite those accounts are in disabled status in Authentication Manager.

Resolution

If the status of the accounts is not collected during the Account Collection using the correct query, by default IG&L will mark the account status as ‘Is Disabled=No’.
For example: In ADC configuration, under ‘Mapping for Accounts Attributes’ section, there is no DB Column mapped to ‘Account Disabled’ attribute as you can see below:

In order to retrieve account status information from Authentication Manager, you can use query as below:
CASE WHEN prin_data.enable_flag = 'true' THEN 0 ELSE 1 END as account_status

Resolution
Mapping the value of DB Column ‘account_status’ to ‘Disabled Accounts’ as shown below and recollecting the accounts using ADC resolves the issue. Value of "Is Disabled" will then show as 'yes'.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles